
I send invitations by mail to users with an encrypted email to know which user responds to the invitation. Something like:

Hello, click on this link to start learning: https://example.org/start-learning?e=fwTreaN0WybffXdDfZZUNYB3FTFfZObCb7QFF5C4AFJvTjXabIPtRfcoXLkFYMUvD4FIZsmrDdEFN2OPKcTrAOSQLZfuKdfwcic1WtBxWSXWR1GEJD6we213A3BEPBpca0BxaaQ4GGMPFeRyXp6fPrG9WnTgWogwXUcnVtdwSEEdNHGuZsClTxR2AtD2JZN8VAEsRQKpFFShEDR2SET4KxGhLGM3M0FdDelrJtO8KXS2YRaddH==

The encrypted email is the long string above. I encode mail like this in a Mailable class:

$url = 'https://example.org/start-learning?e=' . encrypt($this->to[0]['address']);

Then this $url is added in a mail template like this:

<a href="{{$url}}">click me</a>

Then, when user clicks the link, it routes to a controller and the controller decrypts the payload:

decrypt($request->input('e'));

Then, it works for about 99% of people clicking the link. But for about one percent, it does not work: I get an error when decrypting, and I don't know why. It is the same Laravel application which encrypts and decrypts. Is there a reason for such weird behavior?

Side note: I know decrypt always works and does not have random behavior (BTW I tested it on 10000 entries, it's OK). There must be something else with the mail process I don't understand.

rap-2-h
  • Wouldn't it be far easier to send the user a message id, and just retrieve that from the server when they request it, rather than encrypting your message to them and having them retrieve it through a get request? – Lucas Krupinski Mar 29 '17 at 15:37
  • This application sends thousands of mails and I don't want to store information before users accept to use the application. So it creates the participation only if users clicked the link and does some things. – rap-2-h Mar 29 '17 at 15:41
  • Have you tried to use urlencode() and urldecode()? – dparoli Mar 29 '17 at 16:16

1 Answer

I think you should use urlencode() when creating the link, so instead of:

$url = 'https://example.org/start-learning?e=' . encrypt($this->to[0]['address']);

you should use:

$url = 'https://example.org/start-learning?e=' . urlencode(encrypt($this->to[0]['address']));

to make sure it will be valid.

Marcin Nabiałek
  • Ok thanks. Even if I have a route like: "https://example.org/start-learning/abcdefg"? Anyway, I'm not sure the problem is here because I have got the full not working payload in my logs and it does not seem to have been altered by the http transport. – rap-2-h Mar 30 '17 at 09:39
  • It depends on how you create this route. If you create it manually, you should probably still urlencode it. If you are using the route or url helper, you should look at the code, but Laravel probably does it under the hood. – Marcin Nabiałek Mar 30 '17 at 13:03
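
What the urlencode() suggestion in the answer guards against, as an added example that is not code from the question or the answer: Laravel's encrypt() returns a standard base64 string, and a raw `+` in a query string is decoded to a space when the request is parsed. The tokens below are constructed stand-ins for encrypt() output, and readParam() and looksMangled() are hypothetical helpers.

```php
<?php
// Added illustration, not code from the question or the answer.
// Tokens are constructed stand-ins for encrypt() output (standard base64).

/** Read one query parameter the way PHP fills $_GET: '+' decodes to a space. */
function readParam(string $url, string $name): ?string
{
    parse_str(parse_url($url, PHP_URL_QUERY) ?? '', $params);
    return $params[$name] ?? null;
}

/** A received token that contains a space most likely started out with '+'. */
function looksMangled(string $received): bool
{
    return strpos($received, ' ') !== false;
}

$base = 'https://example.org/start-learning?e=';

// Fixed, constructed token containing all three non-alphanumeric base64 characters.
$token = 'ab+cd/ef==';
$raw   = readParam($base . $token, 'e');
$safe  = readParam($base . urlencode($token), 'e');
printf("unencoded:  '%s' mangled=%s\n", $raw, var_export(looksMangled($raw), true));
printf("urlencoded: '%s' intact=%s\n", $safe, var_export($safe === $token, true));

// Random tokens: some contain no '+', so an unencoded link fails only part of the time.
$total     = 1000;
$rawOk     = 0;
$encodedOk = 0;
for ($i = 0; $i < $total; $i++) {
    $t = base64_encode(random_bytes(48)); // constructed sample, 64 base64 characters
    $rawOk     += (int) (readParam($base . $t, 'e') === $t);
    $encodedOk += (int) (readParam($base . urlencode($t), 'e') === $t);
}
printf("unencoded links intact:  %d / %d\n", $rawOk, $total);
printf("urlencoded links intact: %d / %d\n", $encodedOk, $total);
```

Running looksMangled() over the payloads logged for failed decryptions shows whether this kind of alteration is what happened to them.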